| Looking for string hashing using a portable but secure method |
[eluser]Xeoncross[/eluser]
I have been following password hashing and security for a while now, even though much of the mathematics involved far exceeds my understanding. At any rate, this topic is a request for any advanced resources (scripts/articles) you may have or know of on the topic of hashing. The main problem is that MD5 and SHA1 are theoretically becoming easier and easier to break into - even with salts. Many of the auth systems around here create salts and then use one of these to methods to hash a string when checking for a password. Personally, I would like to use phpass for my projects. Seeing the benefit, many systems like Wordpress & drupal already employ this system. However, using the high-level Blowfish-based hashing that makes the lib so useful causes non-portable hashes to be created. This is a problem for sites that keep changing hosts or use multiple servers. You can downgrade the protection that phpass provides all the way back to md5 - but then what is the point of even using it? So any ideas on better security for strings without locking a site to a certain system? If you are looking for a good read you might try this. |
| Messages In This Thread |
|
Looking for string hashing using a portable but secure method - by El Forum - 04-18-2009, 11:47 AM
Looking for string hashing using a portable but secure method - by El Forum - 04-18-2009, 01:15 PM
Looking for string hashing using a portable but secure method - by El Forum - 04-26-2009, 03:26 PM
Looking for string hashing using a portable but secure method - by El Forum - 04-26-2009, 03:36 PM
Looking for string hashing using a portable but secure method - by El Forum - 04-26-2009, 03:49 PM
Looking for string hashing using a portable but secure method - by El Forum - 04-27-2009, 12:47 PM
|
